Question: 1


Refer to the exhibit. 
A threat actor behind a single computer exploited a cloud-based application by sending multiple 
concurrent API requests. These requests made the application unresponsive. Which solution protects 
the application from being overloaded and ensures more equitable application access across the 
end-user community? 


A. Limit the number of API calls that a single client is allowed to make 

B. Add restrictions on the edge router on how often a single client can access the API 

C. Reduce the amount of data that can be fetched from the total pool of active clients that call the 
API 

D. Increase the application cache of the total pool of active clients that call the API 


Answer: A 


Question: 2 


DRAG DROP 
An organization lost connectivity to critical servers, and users cannot access business applications 
and internal websites. An engineer checks the network devices to investigate the outage and 
determines that all devices are functioning. Drag and drop the steps from the left into the sequence 
on the right to continue investigating this issue. Not all options are used. 


Answer Area 


Answer: 


Explanation: 
Answer Area 


Question: 3 


A threat actor attacked an organization’s Active Directory server from a remote location, and in a 
thirty-minute timeframe, stole the password for the administrator account and attempted to access 
3 company servers. The threat actor successfully accessed the first server that contained sales data, 
but no files were downloaded. A second server was also accessed that contained marketing 
information and 11 files were downloaded. When the threat actor accessed the third server that 
contained corporate financial data, the session was disconnected, and the administrator’s account 
was disabled. Which activity triggered the behavior analytics tool? 


A. accessing the Active Directory server 
B. accessing the server with financial data 
C. accessing multiple servers 

D. downloading more than 10 files 


Answer: C 


Question: 4 


Refer to the exhibit. 


192.168.1.8:54580 
192.168.1.8:54583 
192.168.1.8:54916 
192.168.1.8:54978 
A security analyst needs to investigate a security incident involving several suspicious connections 
with a possible attacker. Which tool should the analyst use to identify the source IP of the offender? 

A. packet sniffer 

B. malware analysis 
C. SIEM 

D. firewall manager 


Answer: A 


Question: 5 


Refer to the exhibit. 


Analysis Report 

ID: 12cbeee21b1ea4 
Filename: fpzryrf.exe 
OS: 7601.1898.amd64fre.win7sp1_gdr.150316-1654 
Magic Type: PE32 executable (GUI) Intel 80386, for MS Windows 
Analyzed As: exe 
Started: 7/29/16 18:44:43 
Ended: 7/29/16 18:50:39 
Duration: 0:05:56 
Sandbox: phi-work-02 (pilot-d) 
SHA256: eScadSascc2/8c9748aSe9b304c9f5a 16d830066e5467d3dd5927be36fec47da 
SHA1: a2de858 10fdSebcf29cSdaSdd29ce03470772ad 
MD5: dd07d778edf8d581ffaadb1610aaa008 

Warnings 

Executable Failed integrity Check 

Behavioral Indicators 

CTB Locker Detected Severity: 100 Confidence: 
Generic Ransomware Detected Severity: 100 Confidence: 
Excessive Suspicious Activity Detected Severity: 90 Confidence: 
Process Modified a File in a System Directory Severity: 90 Confidence: 
Large Amount of High Entropy Artifacts Written Severity: 100 Confidence: 
Process Modified a File in the Program Files Directory Severity: 80 Confidence: 
Decoy Document Detected Severity: 70 Confidence: 
Process Modified an Executable File Severity: 60 Confidence: 
Process Modified File in a User Directory Severity: 70 Confidence: 
Windows Crash Tool Execution Detected Severity: 20 Confidence: 
Hook Procedure Detected in Executable Severity: 35 Confidence: 
Ransomware Queried Domain Severity: 25 Confidence: 
Executable Imported the IsDebuggerPresent Symbol Severity: 20 Confidence: 


Cisco Advanced Malware Protection installed on an end-user desktop has automatically submitted a 
low prevalence file to the Threat Grid analysis engine for further analysis. What should be concluded 
from this report? 


A. The prioritized behavioral indicators of compromise do not justify the execution of the 
“ransomware” because the scores do not indicate the likelihood of malicious ransomware. 
B. The prioritized behavioral indicators of compromise do not justify the execution of the 
“ransomware” because the scores are high and do not indicate the likelihood of malicious 
ransomware. 
C. The prioritized behavioral indicators of compromise justify the execution of the “ransomware” 
because the scores are high and indicate the likelihood that malicious ransomware has been detected. 

D. The prioritized behavioral indicators of compromise justify the execution of the “ransomware” 
because the scores are low and indicate the likelihood that malicious ransomware has been 
detected. 


Answer: C 